A C-level executive at Outpost24 was targeted in a sophisticated phishing campaign that used a seven-step chain to evade detection and harvest Microsoft 365 credentials. The attack, linked by Specops to a phishing-as-a-service kit called Kratos, chained through legitimate services like Cisco Secure Web and Nylas and used DKIM signatures and Cloudflare to appear trustworthy.
Key points
- A C-level executive at Outpost24 was specifically targeted, according to Specops Software.
- Attackers employed the Kratos phishing-as-a-service kit and a seven-step layered infrastructure.
- The phishing email impersonated JP Morgan and used two DKIM signatures to pass DMARC checks.
- Links were chained through secure-web.cisco.com, Nylas, a legitimate development firm’s subdomain, a re-registered domain, and Cloudflare to bypass filters.
- The final page mimicked Outlook to capture and validate Microsoft 365 credentials. Attribution remains inconclusive, though the techniques resemble Iran-linked activity.
Read More: https://www.securityweek.com/security-firm-executive-targeted-in-sophisticated-phishing-attack/